jaklein.ncsu.edu's blog

OIT ISO Calendar resources

We've got s couple of Google Calendars created for the ISO group in OIT.

Custom .ADM files in the year 2011

So, we have some servers coming into Wolftech that need to enable "AutoAdminLogon"

This setting is turned off by the Microsoft EC "baseline, best practice" security GPOs applied to the Domain.

Not a problem, right?  We just set a GP closer to the servers in question, and since we're cool, we'll filter on group membership so we can pick and choose what machines get this security setting overwritten.

Errors with Kerberos Service Principal Names

 Hi folks,

I got a note from Billy warning me of some duplicate service principal names.  From what I can gather, this is caused usually by having a single service registered in the directory as running under two sets of credentials.  Most of the google results tag this condition as very very bad/scary and likely to cause service login failures.  Here's the MS KB http://support.microsoft.com/kb/321044

Computer objects under the old ISO container


I'm gathering data about the OUs under OIT that we've been planning to migrate up to the OIT level for a while now.  After our latest re-org, there current stucture is even more out of date that usual. :-D
Here's a list of computer objects located under /ncsu/oit/iso
dsquery * -startnode "ou=ISO,ou=OIT,ou=NCSU,dc=wolftech,dc=ad,dc=ncsu,dc=" -filter "(objectclass=Computer)" -attr cn operatingSystem -scope subtree | sort
  cals00fs           EMC Celerra File Server

Windows Remote Assistance and firewalls

So I've been reading up on "Windows Remote Assistance" where a "novice" can request assistance from an "expert"  There's a decent overview at http://technet.microsoft.com/en-us/library/bb457004.aspx

Academic apps to put into Citrix



 Kevin and I are looking into how to process applications delivered via group policy and get them quickly and correctly into Citrix.

I used dsquery/dsget to get a recursive list of the apps associated with "Unity Apps-full" and here's the resulting list.

NCSU-FW-Adobe-Acrobat Reader-9.3.3

NCSU-FW-Adobe-Flash Player-

NCSU-FW-Adobe-Shockwave Player-

NCSU-FW-Apple-QuickTime Player-7.60.92-20090506



Raw data about ACSAD servers

Some raw data about the machines under ou=Servers in ACSAD

OIT-Servers-Temp-ISO-Management group


This morning a group of worker bees created a new group in the WolfTech active directory, OIT-Servers-Temp-ISO-Management

Its purpose is to group together computers (servers) that we want to manage as OIT, in WolfTech, and not as servers from legacy organizations or domains.  We have a real problem with expectation control because OIT has no processes or conventions established, and depending on where you're from, conventions may be incompatible with your collegues.

Combining SSL certs for use by IIS

 So this is more of a reminder of what we did than an announcement.

We've been playing tag with SnC (our cert provider) and ComTech (the Netscaler admins) to get a PKI certificate installed for the Citrx servers, which run IIS on Windows.

The key request was not generated on the Windows hosts on which they were to be used, which makes everything more exciting.

We had the following files:


Syndicate content